Controlling Access to Customer Data 6.

Time: Lecture: <n – n> minutes; Labs: <n – n> minutes

Siebel 8.0 Essentials
Intent: <What is the instructional goal of the module>
Flow: < Describe at a high level the overall flow of the module>.
Key Terms: <List terms the instructor should be familiar with in order
to teach this module>
§ <Term>
Module 6: Controlling Access to § <Term>
Customer Data § <Term>
§ <Term>

Copyright © 2007, Oracle. All rights reserved.

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.2

Each objective and “why you need to know” should be stated aloud.
Module Objectives
After completing this module you should be able to:
} Describe the difference between customer and master data in Siebel
applications
} Describe the different Access Control mechanisms used to restrict
access to data in Siebel applications
} Identify the different view types used for different types of users

Why you need to know:

} To effectively use and administer Siebel applications, you need to
understand how access to data is controlled
} Understanding view types is essential to properly assigning them to
responsibilities

Copyright © 2007, Oracle. All rights reserved. 2 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.3

Business Challenge
n Users often perform the same job functions but on different sets
of data
} For example, sales representatives need access to the records for
their own accounts, but not each others’
n Access to some data in the enterprise needs to be restricted
} Users should only see records they need to do their job
} Users should easily locate records of interest

Copyright © 2007, Oracle. All rights reserved. 3 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.4

Business Solution: Access Control for Data

n Siebel applications provide mechanisms to restrict access to
certain records based on:
} The employee
} The employee's position
} The position’s organization
n Limited access to data:
} Increases business security
} Increases user productivity

Copyright © 2007, Oracle. All rights reserved. 4 of 25

Reference Siebel Security Guide: Configuring Access Control

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.5

Relationship Between Views and Data

n Access to views is independent of access to data
} But the view defines the Access Control mechanism that will be
used to access data
n Data displayed within a view is based on the Access Control
mechanism for the view
} Example: Ted Arnold and Casey Cheng can access the same view
based on their responsibilities, but see different data in the view
Casey Cheng
(CCHENG) sees
only her own
service requests

Ted Arnold
(TARNOLD) can
access the same view
but sees only his own
service requests there
Copyright © 2007, Oracle. All rights reserved. 5 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.6

Data Classification
n Data in a Siebel Enterprise is classified as either customer data
or master data
n Customer data:
} Consists of dynamic, transactional data such as service requests
and opportunities
} Is typically created and managed by users of the application
} Has access controlled at the record level according to employee,
position, organization, or a combination thereof
n Master data:
} Includes static, referential data such as products and literature
} Is created and maintained by administrators
} Can be grouped into categories and catalogs
} Has access controlled according to catalog and category

Copyright © 2007, Oracle. All rights reserved. 6 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.7

Accessing Customer Data

n Individual records may be restricted by employee, position,
organization, or a combination thereof
} Data visibility is determined by Siebel-set properties of the
underlying business component (BC)
} Visibility may be restricted to an individual employee, position, or
organization, or multiple employees, positions, or organizations

Employees are Organization

assigned to
positions. Each
position is
assigned to one Records
Position
and only one
organization

Employee

Record visibility is restricted by a combination of employee,

position, and organization, depending on the underlying BC
Copyright © 2007, Oracle. All rights reserved. 7 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.8

Viewing Customer Data

n For customer data that is access controlled, visibility is
determined using the following drop-down visibility filters:
} My views
} My Team’s views
} All views
} All Across My Organizations views
} All Across Organizations views
n Assigning the appropriate views to the appropriate
responsibilities is critical for data access control

The visibility filter drop-

down list shows the views
available according to the
user’s responsibilities

Copyright © 2007, Oracle. All rights reserved. 8 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.9

My Views
n My views show records where you or your position is directly
associated with the record
} For example, My Accounts or My Contacts
n For some records such as Accounts or Opportunities there is a
team of positions associated with each record
} The record appears in My View if your position is on the team

A sales agent only

sees accounts for
which the sales
agent’s position is on
the account team

Copyright © 2007, Oracle. All rights reserved. 9 of 25

Primaries In order for a team-controlled record to be visible in the

My views, a primary team member must be specified.

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.10

My Personal Views
n Are used to display records directly owned by you or your
position
n Are special-case views that are rarely used (for example, with
Contacts)

A sales agent only

sees contacts for
which he or she is
the direct owner

Copyright © 2007, Oracle. All rights reserved. 10 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.11

My Team’s Views
n Are an additional view for managers that allow them to see
records assigned to their direct and indirect reports
} For records with teams of positions, only records where the
primary is the direct or indirect report are displayed
} Manager does not have to be assigned to the record
n Are typically assigned only to manager responsibilities
n Are implemented using the position hierarchy

Manager sees only the accounts

for which the manager’s direct
or indirect reports are the
primary position on the account

Copyright © 2007, Oracle. All rights reserved. 11 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.12

All Views
n Are used to show all records belonging to your current
organization
} The organization of your current position
} Not related to My or My Team’s views, which are person or
position oriented

A service agent sees all

the service requests
assigned to his or her
organization,
regardless of the owner

Copyright © 2007, Oracle. All rights reserved. 12 of 25

Primaries In order for a team-controlled record to be visible in the

All views, a primary team member must be specified.

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.13

Customer Data and Organizations

n By default, when a record is created it is associated with the
organization of the creator’s current position
n To change the organization associated with a record, use the
More Info view
} Records may be associated with multiple organizations

A record’s Organization is
usually shown under the More
Info tab in the detail view

Copyright © 2007, Oracle. All rights reserved. 13 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.14

All Across My Organizations Views

n Are used to display all data from an organization and its child
organizations
} Based on the relationships specified by the organizational
hierarchy
n Are typically restricted to users who need to access records at
the enterprise level
} Mid-level executives
} Partners
n Are typically used for only a few types of records
} For example, opportunities
} In the All Opportunities Across My Organizations view, a sales
manager sees all opportunities in his or her organization and all of
its child organizations

Copyright © 2007, Oracle. All rights reserved. 14 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.15

All Across Organizations Views

n Are used to show all records in the enterprise that are assigned
an organization
n Are typically restricted to only those users who need to access
records across the whole company
} Top-level executives

A vice president of
sales can see all
service requests that
have been assigned

Copyright © 2007, Oracle. All rights reserved. 15 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.16

Administration Views
n Are used to display all database records, even those without a
valid owner
} For example, records that have just been imported but not yet
assigned or records where the primary position has been deleted
n Are accessed from the Administration views for each major
entity
n Should be restricted to a few users in the enterprise as they
display all records in the database

Administration views are

separate from the visibility
filter drop-down list

Copyright © 2007, Oracle. All rights reserved. 16 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.17

Summary: Types of Views

Views Description

Displays records directly assigned to you based on user ID or

My View
active position

My Personal View Only displays records you directly own

Allows managers to see records assigned to their direct and

My Team’s View (Manager’s View) indirect reports that are the primary owner based on reporting
structure

All View Displays all records associated with the user’s organization

Displays records that are assigned to the user’s organization

All Across My Organizations View
and its child organizations

All Across Organizations View Displays all records in the enterprise with a valid organization

Display all records in the database, even those without a valid

Administration Views
organization

Copyright © 2007, Oracle. All rights reserved. 17 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.18

Best Practices for Views

n My Views:
} Individual contributors should always have access
n Allows them to see records directly associated with them or their
position
} Managers and executives may or may not require access
n Require access if they might be on a team associated with a record
n Do not require access if they will never be associated with a record
n My Team’s Views:
} Individual contributors should not have access unless they have
people who report to them
} Managers should have access
n Allows them to see records associated with their reports
} Executives may or may not require access

Copyright © 2007, Oracle. All rights reserved. 18 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.19

Best Practices for Views Continued

n All Views:
} Individual contributors may or may not need access
n Call center agents should be able to see all of a company’s service
requests, hence should have an All Service Requests view
n Sales representatives may or may not need to see all opportunities
within their organization, depending on the business model
} All views are typically restricted to users who need to access
records at the organization level
n Executives, administrators
n Service agents who need to access all service requests
n All Across Organizations Views:
} These views are usually reserved for upper managers and
executives
n Exception: Call center agents may need to see all service requests
filed by a customer worldwide, hence may need access to these views

Copyright © 2007, Oracle. All rights reserved. 19 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.20

Review: Access to Customer Data

n Can be restricted by assigning individual records to:
} Employees (specified by employee’s user ID)
} Positions
} Organizations

Copyright © 2007, Oracle. All rights reserved. 20 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.21

Using Multiple Access Control Mechanisms

n A record can be restricted by more than one Access Control
mechanism
} Mechanisms are not mutually exclusive
n Each view is preconfigured to use only one mechanism at a time
} If you want to use another mechanism, you create and configure
another view

Copyright © 2007, Oracle. All rights reserved. 21 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.22

Examples
n An employee’s position may be assigned to an account that is
not assigned to that employee’s organization
} Employee sees the account in the My View
} Employee does not see the account in the All View
n Contacts have multiple access mechanisms: public (team-
based), private (position- or employee-based), and manager
} Employee sees public contacts in the My View
} Employee sees private contacts in the My Personal View
} Manager sees contacts for self and subordinates in the My Team’s
View

Copyright © 2007, Oracle. All rights reserved. 22 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.23

Summary of Record Assignment

n Standard Siebel business entities can be assigned to single or
multiple employees, positions, or organizations

Single-Valued Multi-Valued
Access Method
Access Access
Service requests
Assets
Employees Expense reports
Activities
Contacts
Accounts Team
Forecasts
Positions Contacts Access
Quotes
Opportunities Control
Assets Accounts
Organizations Consumers Opportunities
Forecasts Quotes

Copyright © 2007, Oracle. All rights reserved. 23 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.24

Review Question: <Question>

Module Highlights Answer: <Answer>
n Access to records may be restricted by employee, position,
organization, or a combination thereof
n Which records are shown depends on the view selected from the
visibility filter drop-down list
n Multiple Access Control mechanisms may be in place for a single
record
} For example, both position-based and organization-based Access
Control

Copyright © 2007, Oracle. All rights reserved. 24 of 25

Siebel 8.0 Essentials

 Controlling Access to Customer Data 6.25

Labs and Troubleshooting:

Lab <Summarize the tasks the students will perform in this lab. Suggest
n In the lab you will: specific guidance the instructor may provide if necessary to help the
} Explore record visibility in the application
students complete the lab and avoid trouble spots.>
} Add a position to a user an examine how it affects the various
visibility filters

Copyright © 2007, Oracle. All rights reserved. 25 of 25

Siebel 8.0 Essentials